[Openid-specs-risc] WG Call Notes

Atul Tulshibagwale atul at sgnl.ai
Tue Nov 1 17:49:09 UTC 2022 

Hi all,
Here are the meeting notes of the call on 11/1/2022. They are also
available here <https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101>.

WG Meeting: 2022-11-01
<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#Agenda>Agenda

   - Introductions / Re-introductions
   - Pull Requests
   - Stream ID Discussion
   - Update on MITRE Round Table
   - IETF Subject Identifiers in Last Call for Review
   - Activity Events

<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#Attendees>Attendees

   - Atul Tulshibagwale (SGNL)
   - James Fisher (Easy Dynamics)
   - Frank Taylor (VMWare)
   - Srinivas Challa (Workday)
   - Edmund Jay ()
   - Nancy Cam Winget (Cisco)

<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#Notes>Notes
<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#lt-Agenda-item-1-gt><
Agenda item 1 >

   -

<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#Action-Items>Action
Items

   - Streams Pull Request <https://github.com/openid/sse/pull/9> (Shayne)
   - Merged the namespace pull request (Atul)

<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#Multiple-Streams>Multiple
Streams

   - It’s not only about event types
   - There needs to be a 1:1 mapping between Tx and Rx
   - You may want to route streams differently based on country of origin
   of subjects
   - Staging versus production streams may be different
   - If you are updating versions, you may want to have some streams
   relaying events from the new version

<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#IETF-SecEvents-Subject-Identifiers>IETF
SecEvents Subject Identifiers

   - Subject Idetifiers
   <https://datatracker.ietf.org/doc/draft-ietf-secevent-subject-identifiers/>

<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#WG-Name-Chagne>WG Name
Chagne

   - No comments received that we know of
   - If Tim confirms, we can change the name of the working group to
   “Shared Signals Framework” (SSF)

<https://hackmd.io/@oidf-wg-sse/wg-meeting-20221101#Activity-Events>Activity
Events

   - Workday would like to see events about user activity in the session
   - The use-case is continuous authentication, to see if the user is
   performing any anomalous activity
   - The IETF working group is considering use SCIM operations with SSE
   - Current proposal in IETF - SCIM Events
   <https://datatracker.ietf.org/doc/draft-ietf-scim-events/>
   - Would “assurance level change work?” Probably not because the
   application may not know what the assurance level is
   - User may be coming from a strange IP address range
   - There may be a separate service that tracks user activity and provides
   events based on activity
   - “user ran x report” could be an event
   - “user accessed PII data” could be a more generally understood event,
   which can be sent.
   - Atul and Srinivas to sync up offline about this
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20221101/58efb683/attachment-0001.html>

More information about the Openid-specs-risc mailing list